On Mon, 22 Sep 2003, David G. Andersen wrote:
With load balancing, traffic can get routed down a non-functional
path while routing takes place over the other one - BBN did that
to us once, was very entertaining).
Ah yes, I'll always have a special place in my heart for those
Localdirectors
DGA> Date: Mon, 22 Sep 2003 18:32:19 -0400
DGA> From: David G. Andersen
DGA> The whole problem with only listing two anycast servers is that
DGA> you leave yourself vulnerable to other kinds of faults. Your
DGA> upstream ISP fat-fingers "ip route 64.94.110.11 null0" and
DGA> accidentally blitze
On Mon, 22 Sep 2003, David G. Andersen wrote:
> > Yes, I hope that UltraDNS implements something like this, if they have not
> > already. It's still not a guarantee that things will get withdrawn -- or be
> > reachable, even if working but not withdrawn -- in case of a problem. That
> > still l
On Thu, Sep 18, 2003 at 02:38:18PM -0400, Todd Vierling quacked:
>
> On Thu, 18 Sep 2003, E.B. Dreger wrote:
>
> : EBD> That's why one uses a daemon with main loop including
> : EBD> something like:
> : EBD>
> : EBD>success = 1 ;
> : EBD>for ( i = checklist ; i->callback != NULL
On Fri, Sep 19, 2003 at 01:36:41PM -0400, Todd Vierling wrote:
>
> On Fri, 19 Sep 2003, Rodney Joffe wrote:
>
> : You started from a point of having no idea that UltraDNS used anycast,
> : confirmed for everyone in your second email that you had no clue about
> : how anycast worked,
>
> Please
On Fri, 19 Sep 2003, Rodney Joffe wrote:
: You started from a point of having no idea that UltraDNS used anycast,
: confirmed for everyone in your second email that you had no clue about
: how anycast worked,
Please stop the bellicose, holier-than-thou attitude because you feel like
assuming tha
Todd Vierling wrote:
>
> On Fri, 19 Sep 2003, Alex Bligh wrote:
>
> : > DNS site A goes down, but its BGP advertisements are still in effect.
> : > (Their firewall still appears to be up, but DNS requests fail.) Host
> : > site C cannot resolve ANYTHING from DNS site A, even though DNS site B
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Todd Vierling
> Sent: Friday, September 19, 2003 11:37 AM
> To: [EMAIL PROTECTED]
> Subject: apathy (was Re: .ORG problems this evening)
>
>
> I've repeatedly d
On Fri, 19 Sep 2003, Alex Bligh wrote:
: > DNS site A goes down, but its BGP advertisements are still in effect.
: > (Their firewall still appears to be up, but DNS requests fail.) Host
: > site C cannot resolve ANYTHING from DNS site A, even though DNS site B is
: > still up and running. But h
--On 18 September 2003 10:05 -0400 Todd Vierling <[EMAIL PROTECTED]> wrote:
DNS site A goes down, but its BGP advertisements are still in effect.
(Their firewall still appears to be up, but DNS requests fail.) Host
site C cannot resolve ANYTHING from DNS site A, even though DNS site B is
still
On Thu, 18 Sep 2003, Majdi S. Abbas wrote:
: > Sucks to be anyone trying to use the service whose routers pick those nodes
: > as the only ones available. That's the fault of the implementor, not the
: > client.
: I think it's out of line to speculate on how UltraDNS has configured
: thes
On Thu, Sep 18, 2003 at 02:22:19PM -0400, Todd Vierling wrote:
> Sucks to be anyone trying to use the service whose routers pick those nodes
> as the only ones available. That's the fault of the implementor, not the
> client.
I have a sneaking suspicion that if UltraDNS's tld cluster tha
On Thu, 18 Sep 2003, John Fraizer wrote:
: Todd, you don't make the announcement for the anycast address from your
: border.. You do it from within the anycast cluster as a CONDITIONAL
: announcement. IE; you use a specially written BGP daemon that makes the
: announcement when the service is a
> Date: Thu, 18 Sep 2003 11:36:37 -0700 (PDT)
> From: bmanning
> > Bill, I know you know better, so let's try more facts and less
> > FUD. Mmmmkay? Your above paragraph is a red herring that is
> > analogous to saying "all multihomed services must be run on the
> > router itself".
>
> ye
On Thu, 18 Sep 2003, E.B. Dreger wrote:
: EBD> That's why one uses a daemon with main loop including
: EBD> something like:
: EBD>
: EBD> success = 0 ;
: EBD> for ( i = checklist ; i->callback != NULL ; i++ )
: EBD> success &= i->callback(foo) ;
: EBD> if ( success )
: EBD> s
TV> Date: Thu, 18 Sep 2003 14:22:19 -0400 (EDT)
TV> From: Todd Vierling
TV> Sucks to be anyone trying to use the service whose routers
TV> pick those nodes as the only ones available. That's the
TV> fault of the implementor, not the client.
Yes.
TV> The major issue here is that no *gTLD*, pa
> Bill, I know you know better, so let's try more facts and less
> FUD. Mmmmkay? Your above paragraph is a red herring that is
> analogous to saying "all multihomed services must be run on the
> router itself".
yes, it does lean that way... but to expose a sigma-six
blip in how
On Thu, 18 Sep 2003, John Fraizer wrote:
: As has been stated by others, UltraDNS, like the roots and other TLD hosts
: is under nearly constant attack. Perhaps your local nodes were effected
: by an attack. IE; the pipe was full but the service was still alive so the
: anycast prefix wasn't ret
EBD> Date: Thu, 18 Sep 2003 18:01:07 + (GMT)
EBD> From: E.B. Dreger
EBD> That's why one uses a daemon with main loop including
EBD> something like:
EBD>
EBD>success = 0 ;
EBD>for ( i = checklist ; i->callback != NULL ; i++ )
EBD>success &= i->callback(foo) ;
EBD>if (
> Date: Thu, 18 Sep 2003 11:00:53 -0700 (PDT)
> From: bmanning
> Sorry no zebra. Perhaps I should run my TLDs
> DNS service on my Juniper Routers. some expect/cron
> work should provide the needed glue...
Bill, I know you know better, so let's try more facts and less
FUD. M
On Thu, 18 Sep 2003, Keptin Komrade Dr. BobWrench III esq. wrote:
: And, I might add, in the case of a highly complex anycast application,
: you will need to check not only for correctness, but for timeliness.
All this still assumes that DNS should be trusting a single anycast location
as the on
> Date: Thu, 18 Sep 2003 10:29:06 -0700 (PDT)
> From: bmanning
> Ick. you really believe that BGP can or should be augmented to
> understand application "liveness"? BGP reaching past the
And why not? BGP deals in reachability information. Perhaps it
conventionally represents interface and
> Date: Thu, 18 Sep 2003 13:47:01 -0400
> From: Keptin Komrade Dr. BobWrench III esq.
> And, I might add, in the case of a highly complex anycast
> application, you will need to check not only for correctness,
> but for timeliness.
In a realtime system, something that is late is considered
inco
> > BGP has no way to know that an internal network problem occurred. If
> > someone mistakenly tripped over a network cable that disconnected DNS
> > clusters from a router, how would the router know to drop anycast
> > advertisements?
> >
> > (Sure, you could run zebra on the cluster. But wha
On Thu, 18 Sep 2003, Todd Vierling wrote:
BGP has no way to know that an internal network problem occurred. If
someone mistakenly tripped over a network cable that disconnected DNS
clusters from a router, how would the router know to drop anycast
advertisements?
(Sure, you could run z
E.B. Dreger wrote:
TV> Date: Thu, 18 Sep 2003 13:01:18 -0400 (EDT)
TV> From: Todd Vierling
TV> BGP doesn't know when a DNS server dies. Therein lies the
TV> findamental problem of using anycast as an application
TV> redundancy scheme.
But it can and should. Again, seeing if the process is runnin
Todd Vierling wrote:
BGP doesn't know when a DNS server dies. Therein lies the findamental
problem of using anycast as an application redundancy scheme.
You ever think that maybe, just maybe, Ultra wrote some code to do this?
Yes, it might have concievably failed in a way that seems to have left
On Thu, 18 Sep 2003, Todd Vierling wrote:
>
> On Thu, 18 Sep 2003, E.B. Dreger wrote:
>
> : TV> Date: Thu, 18 Sep 2003 10:05:15 -0400 (EDT)
> : TV> From: Todd Vierling
> :
> : TV> DNS site A goes down, but its BGP advertisements are still in
> : TV> effect.
> :
> : Or are they?
>
> I couldn't
> TV> BGP doesn't know when a DNS server dies. Therein lies the
> TV> findamental problem of using anycast as an application
> TV> redundancy scheme.
>
> But it can and should. Again, seeing if the process is running
> is easy; verifying correct functionality requires more work, but
> definitel
TV> Date: Thu, 18 Sep 2003 12:52:29 -0400 (EDT)
TV> From: Todd Vierling
TV> I couldn't know for sure from some sites, but traceroutes
TV> sure got there. That would imply that (at their end) the
TV> advertisements were still up.
Which would be an implementation flaw, not something inherently
w
TV> Date: Thu, 18 Sep 2003 13:01:18 -0400 (EDT)
TV> From: Todd Vierling
TV> BGP doesn't know when a DNS server dies. Therein lies the
TV> findamental problem of using anycast as an application
TV> redundancy scheme.
But it can and should. Again, seeing if the process is running
is easy; verif
On Thu, 18 Sep 2003, E.B. Dreger wrote:
: TV> Anycasting only works as a redundancy scheme when you have a
: TV> mesh of *partially* overlapping BGP advertisements, so that a
: TV> client has a guarantee that at least one address in the mix
: TV> is located elsewhere from the rest.
:
: Don't be s
On Thu, 18 Sep 2003, E.B. Dreger wrote:
: TV> Date: Thu, 18 Sep 2003 10:05:15 -0400 (EDT)
: TV> From: Todd Vierling
:
: TV> DNS site A goes down, but its BGP advertisements are still in
: TV> effect.
:
: Or are they?
I couldn't know for sure from some sites, but traceroutes sure got there.
That
TV> Date: Thu, 18 Sep 2003 11:39:17 -0400 (EDT)
TV> From: Todd Vierling
TV> And guess what: neither of the two addresses supplied by
TV> UltraDNS worked last night for some sites, because their
TV> anycast configuration is not allowing DNS redundancy. It is
TV> depending on every site somehow
TV> Date: Thu, 18 Sep 2003 10:05:15 -0400 (EDT)
TV> From: Todd Vierling
TV> DNS site A goes down, but its BGP advertisements are still in
TV> effect.
Or are they?
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Pho
Speaking on Deep Background, the Press Secretary whispered:
>
> : I think you'll find most people on the list would disagree with you
> : on this point. Many ISP's run anycast for customer facing DNS
> : servers, and I'll bet if you ask the first reason why isn't because
> : they provide faster
On Thu, 18 Sep 2003, Leo Bicknell wrote:
: > Anycast is *NOT* a "redundancy and reliability" system when dealing with
: > application-based services like DNS. Rather, anycast is a geographically
:
: I think you'll find most people on the list would disagree with you
: on this point. Many ISP's
In a message written on Thu, Sep 18, 2003 at 10:05:15AM -0400, Todd Vierling wrote:
> Anycast is *NOT* a "redundancy and reliability" system when dealing with
> application-based services like DNS. Rather, anycast is a geographically
I think you'll find most people on the list would disagree with
On Thu, 18 Sep 2003, just me wrote:
: If you're still confused, have a read here:
:
: http://www.ultradns.com/support/managed_dns_faq.cfm
:
: "Q. I read that your service is supposed to make use of several
: servers all over the world, but you only give users two server
: addresses to provide to
On Thu, 18 Sep 2003, Todd Vierling wrote:
12 dellfweqab.ultradns.net (204.74.103.2) 24.811 ms !H
A nameserver's response to anything but DNS queries is just as
relevant as a web server's response to NTP queries. Why do you insist
that the ability to traceroute to it is an operational require
Todd Vierling wrote:
>
> Yes, it is firewalled. I was pointing out that the route is the same for
> tld1 and tld2 for me, all the way up to the firewall.
Please post traceroutes from your location, as well as from the two
locations in different parts of the USA (You said earlier: "I
tracerout
On Thu, 18 Sep 2003, Stephen J. Wilcox wrote:
: they have two distinct servers by IP, globally they have N x clusters. i'm sure
: each instance is actualyl more than a single linux PeeCee
Doesn't matter if it's a cluster at each location. The fact remains that
there were only two IP addresses v
On Thu, 18 Sep 2003, Todd Vierling wrote:
> On Thu, 18 Sep 2003, Jared Mauch wrote:
>
> : ultradns uses the power of anycast to have these ips that appear
> : to be on close subnets in geographyically diverse locations.
>
> Oh, that's brilliant. How nice of them to defeat the concept of red
On Thu, 18 Sep 2003, Majdi S. Abbas wrote:
: I didn't have a problem with .org this evening, and I've asked
: around and others don't seem to have noticed anything either. It would be
: more helpful if you told us your source prefix, and which filter you're
: hitting when you traceroute to
On Thu, 18 Sep 2003, Jared Mauch wrote:
: ultradns uses the power of anycast to have these ips that appear
: to be on close subnets in geographyically diverse locations.
Oh, that's brilliant. How nice of them to defeat the concept of redundancy
by limiting me to only two of their servers
On Thu, Sep 18, 2003 at 12:50:28AM -0400, Todd Vierling wrote:
> tld[12].ultradns.net, the NS for .ORG, was completely unreachable for about
> an hour or two this evening, timing out on all DNS queries. Anyone else see
> similar? (The hosts are unpingable and untracerouteable, so I had to use
>
Todd/Chris,
It makes me wonder how UltraDNS got a contract to manage the domain on
all of two nameservers hosted on the same subnet, given that they were
supposed to have deployed "geographically diverse" (or something like
that) servers. But then, we know ICANN smokes the crack liberally at
times
um, dude, can you sayANYCAST.
On Thu, Sep 18, 2003 at 12:50:28AM -0400, Todd Vierling wrote:
>
> tld[12].ultradns.net, the NS for .ORG, was completely unreachable for about
> an hour or two this evening, timing out on all DNS queries. Anyone else see
> similar? (The hosts are unpingable a
Todd Vierling wrote:
>
> tld[12].ultradns.net, the NS for .ORG, was completely unreachable for about
> an hour or two this evening, timing out on all DNS queries. Anyone else see
> similar? (The hosts are unpingable and untracerouteable, so I had to use
> DNS queries to determine when they we
CLM> Date: Thu, 18 Sep 2003 05:28:05 + (GMT)
CLM> From: Christopher L. Morrow
CLM> Just because they hosts are on the same subnet and are
CLM> apparently behind the same end device for you doesn't make
CLM> them non-geographically diverse if they are really anycast
CLM> pods, does it? It rea
On Thu, 18 Sep 2003, Christopher L. Morrow wrote:
>
> On Thu, 18 Sep 2003, Todd Vierling wrote:
>
> >
> > It makes me wonder how UltraDNS got a contract to manage the domain on all
> > of two nameservers hosted on the same subnet, given that they were supposed
> > to have deployed "geographically
On Thu, 18 Sep 2003, Todd Vierling wrote:
>
> It makes me wonder how UltraDNS got a contract to manage the domain on all
> of two nameservers hosted on the same subnet, given that they were supposed
> to have deployed "geographically diverse" (or something like that) servers.
> But then, we kno
TV> Date: Thu, 18 Sep 2003 00:50:28 -0400 (EDT)
TV> From: Todd Vierling
TV> tld[12].ultradns.net, the NS for .ORG, was completely
TV> unreachable for about an hour or two this evening, timing out
TV> on all DNS queries. Anyone else see similar? (The hosts are
I don't recall having troubles th
On Thu, Sep 18, 2003 at 12:50:28AM -0400, Todd Vierling wrote:
>
> tld[12].ultradns.net, the NS for .ORG, was completely unreachable for about
> an hour or two this evening, timing out on all DNS queries. Anyone else see
> similar? (The hosts are unpingable and untracerouteable, so I had to use
54 matches
Mail list logo